fleetdm
Misleading security setting labels in Organization settings
Fleet version: 4.66
💥 Actual behavior
The settings Verify SSL certs and Enable STARTTLS appear as general organization-level options, but actually only affect SMTP configuration. (to which we do have a dedicated settings section for)
- The "Verify SSL certs" label is ambiguous and suggests it could be controlling SSL/TLS for the entire Fleet instance
- Users may incorrectly believe they're modifying global security settings rather than just email-related configuration
- The positioning of these settings outside of a clearly labeled SMTP section increases confusion
This creates uncertainty about the actual security posture of the instance
🧑💻 Steps to reproduce
N/A
🕯️ More info (optional)
N/A
as a side note, modifying these settings does not generate an activity feed entry either.
Moving this to Product for consideration. This is technically a feature-improvement rather than a bug. cc @noahtalerman
Moved the original issue description here for safekeeping:
Fleet version: 4.66
💥 Actual behavior
The settings Verify SSL certs and Enable STARTTLS appear as general organization-level options, but actually only affect SMTP configuration. (to which we do have a dedicated settings section for)
- The "Verify SSL certs" label is ambiguous and suggests it could be controlling SSL/TLS for the entire Fleet instance
- Users may incorrectly believe they're modifying global security settings rather than just email-related configuration
- The positioning of these settings outside of a clearly labeled SMTP section increases confusion
This creates uncertainty about the actual security posture of the instance
🧑💻 Steps to reproduce
N/A
🕯️ More info (optional)
N/A
